This is the fifth and final post of the GoComply series, which introduces an open source pipeline to produce and process OSCAL and FedRAMP documents. If you want to achieve continuous compliance at the lowest possible cost, the GoComply project is here to help. With GoComply, you will rely on open source tooling and your data will be stored in standardized formats, and thus you will have enough head room and knee room to achieve your organizational goals.

FedRAMP (the certification)

FedRAMP stands for Federal Risk and Authorization Management Program. In simple terms, FedRAMP defines the security requirements that a cloud service must follow in order for the US government to use that service. More precisely, FedRAMP is a cloud security certification program established by the US government. Before the introduction of FedRAMP, individual federal agencies managed their own compliance programs and methodologies. FedRAMP is meant to be a cost-effective, unified approach that all agencies can standardize on. FedRAMP is governed by the FedRAMP PMO (Program Management Office), which is established within the GSA (General Services Administration). FedRAMP is mandatory for any cloud service that holds government data.

For open source developers, it is advantageous to watch the GSA/fedramp-automation GitHub project. GSA uses this project to develop and publish FedRAMP assets to the public.